Vulnerabilidades em Google
5.229 resultadosAnálise Vexday
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2026-11083MEDIUMInappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin dataEPSS 0.2%CVE-2026-11192MEDIUMInsufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform EPSS 0.2%CVE-2026-4453MEDIUMInteger overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HEPSS 0.2%CVE-2026-15109MEDIUMUninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information frEPSS 0.2%CVE-2026-11129MEDIUMInappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via aEPSS 0.2%CVE-2025-36892HIGHDenial of serviceEPSS 0.2%CVE-2024-7017HIGHInappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandboxEPSS 0.2%CVE-2026-8585HIGHInappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the rendEPSS 0.2%CVE-2026-11139MEDIUMInappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafEPSS 0.2%CVE-2026-13999MEDIUMInsufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user toEPSS 0.2%CVE-2025-12729MEDIUMInappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user tEPSS 0.2%CVE-2026-14047MEDIUMInsufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a EPSS 0.2%CVE-2026-11143MEDIUMOut of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a maliEPSS 0.2%CVE-2023-21238—In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local informEPSS 0.2%CVE-2026-11252MEDIUMInsufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionarEPSS 0.2%CVE-2026-11274MEDIUMInappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation EPSS 0.2%CVE-2026-11296HIGHInappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the rendeEPSS 0.2%CVE-2023-40133—In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead EPSS 0.2%CVE-2024-43088HIGHIn multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the deEPSS 0.2%CVE-2026-14081MEDIUMInsufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a maEPSS 0.2%