Vulnerabilidades em Google
5.229 resultadosAnálise Vexday
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2024-3173HIGHInsufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escaEPSS 0.2%CVE-2026-8587HIGHUse after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a maliciousEPSS 0.2%CVE-2026-13944LOWInappropriate implementation in DataTransfer in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user tEPSS 0.2%CVE-2025-13636MEDIUMInappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage EPSS 0.2%CVE-2025-9479MEDIUMOut of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a craEPSS 0.2%CVE-2026-13963LOWInappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage inEPSS 0.2%CVE-2026-12014HIGHUse after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a saEPSS 0.2%CVE-2023-21246—In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exceptioEPSS 0.2%CVE-2026-12451HIGHUse after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer proEPSS 0.2%CVE-2018-9440MEDIUMIn parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service witEPSS 0.2%CVE-2023-21285—In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead tEPSS 0.2%CVE-2026-14142MEDIUMInappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendereEPSS 0.2%CVE-2025-12447MEDIUMIncorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engageEPSS 0.2%CVE-2023-35683—In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could leaEPSS 0.2%CVE-2025-12444MEDIUMIncorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in sEPSS 0.2%CVE-2026-0130LOWIn RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information dEPSS 0.2%CVE-2026-10012HIGHUse after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentEPSS 0.2%CVE-2026-10001HIGHUse after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer proEPSS 0.2%CVE-2026-9998HIGHInteger overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to poteEPSS 0.2%CVE-2026-9990HIGHUse after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage inEPSS 0.2%