Vulnerabilidades em Google

5.229 resultados
Análise Vexday

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2026-13895MEDIUMInappropriate implementation in Autofill in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage inEPSS 0.2%CVE-2025-11206HIGHHeap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via EPSS 0.2%CVE-2026-14381MEDIUMIncorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a craftEPSS 0.2%CVE-2026-9920LOWUninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer procEPSS 0.2%CVE-2026-0156MEDIUMIn checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remoteEPSS 0.2%CVE-2026-8580CRITICALUse after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafEPSS 0.2%CVE-2024-40674MEDIUMIn validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the cEPSS 0.2%CVE-2026-13881MEDIUMInappropriate implementation in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policEPSS 0.2%CVE-2026-6920CRITICALOut of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer proEPSS 0.2%CVE-2026-11169HIGHInappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UEPSS 0.2%CVE-2026-14082MEDIUMRace in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (ChromiEPSS 0.2%CVE-2026-14040HIGHUse after free in BrowserTag in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extensiEPSS 0.2%CVE-2026-14155MEDIUMInsufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin dEPSS 0.2%CVE-2026-2320MEDIUMInappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage EPSS 0.2%CVE-2026-14075MEDIUMInsufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-refeEPSS 0.2%CVE-2025-0084HIGHIn multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over BluetoEPSS 0.2%CVE-2026-9943MEDIUMOut of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crEPSS 0.2%CVE-2024-32895CRITICALIn BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation oEPSS 0.2%CVE-2026-11069MEDIUMInsufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin pEPSS 0.2%CVE-2025-0087MEDIUMIn onCreate of UninstallerActivity.java, there is a possible way to uninstall a different user's app due to a missing permission check. ThisEPSS 0.2%