Vulnerabilidades em Google

5.202 resultados
Análise Vexday

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2026-11248HIGHInappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictiEPSS 0.2%CVE-2026-14062MEDIUMInappropriate implementation in Views in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed an attacker who convinced a user to instalEPSS 0.2%CVE-2025-13720HIGHBad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentiallyEPSS 0.2%CVE-2026-7955MEDIUMUninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to obtaiEPSS 0.2%CVE-2025-11215MEDIUMOff by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a craftEPSS 0.2%CVE-2026-14122HIGHInsufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker toEPSS 0.2%CVE-2026-11250CRITICALInappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer EPSS 0.2%CVE-2026-7982MEDIUMUninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive informationEPSS 0.2%CVE-2026-7924MEDIUMUninitialized Use in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information fromEPSS 0.2%CVE-2024-7018HIGHHeap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a cEPSS 0.2%CVE-2026-9908MEDIUMOut of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information fEPSS 0.2%CVE-2026-13949MEDIUMInsufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentialEPSS 0.2%CVE-2026-14019MEDIUMInappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a EPSS 0.2%CVE-2026-9921MEDIUMUninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin information viEPSS 0.2%CVE-2026-9935MEDIUMUninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML pEPSS 0.2%CVE-2026-14058MEDIUMInsufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policEPSS 0.2%CVE-2023-48419CRITICALAn attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in EoPEPSS 0.2%CVE-2023-48426CRITICALChromecast Bootloader & Kernel-level code-execution including compromise of user-dataEPSS 0.2%CVE-2026-11672HIGHHeap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer pEPSS 0.2%CVE-2024-22004CRITICALUnchecked length in Trusted Application on Google Nest Wifi Pro, leading to out of bounds readEPSS 0.2%