Vulnerabilidades em Google

5.229 resultados
Análise Vexday

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2026-14110MEDIUMInappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafEPSS 0.2%CVE-2026-7959LOWInappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the rendereEPSS 0.2%CVE-2018-9373HIGHIn TdlsexRxFrameHandle of the MTK WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remEPSS 0.2%CVE-2026-5909HIGHInteger overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a craEPSS 0.2%CVE-2026-5908HIGHInteger overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a craEPSS 0.2%CVE-2026-8538MEDIUMInsufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised theEPSS 0.2%CVE-2024-47039CRITICALOOB Read in the android.hardware.boot.IBootControl/default serviceEPSS 0.2%CVE-2026-11213CRITICALInsufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromEPSS 0.2%CVE-2025-12441MEDIUMOut of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a craEPSS 0.2%CVE-2026-5910HIGHInteger overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a craEPSS 0.2%CVE-2026-8552MEDIUMHeap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memoryEPSS 0.2%CVE-2026-13026HIGHUse after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap EPSS 0.2%CVE-2026-11717CRITICALAn authentication bypass vulnerability exists in the generic opaque token validation path (validateOpaqueToken) of googleapis/mcp-toolbox. EPSS 0.2%CVE-2026-9955MEDIUMInappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via EPSS 0.2%CVE-2026-12446MEDIUMInappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via aEPSS 0.2%CVE-2024-10389MEDIUMPath Traversal in SafearchiveEPSS 0.2%CVE-2026-13990MEDIUMInsufficient validation of untrusted input in DataTransfer in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who EPSS 0.2%CVE-2025-1292MEDIUMTPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOSEPSS 0.2%CVE-2026-11237HIGHInsufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised thEPSS 0.2%CVE-2023-21255In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of priEPSS 0.2%