Vulnerabilidades em Google
5.229 resultadosAnálise Vexday
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2018-9416CRITICALIn sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to
an unusual root cause. This could lead to local escalation EPSS 0.2%CVE-2023-7258MEDIUMDenial-of-Service in GvisorEPSS 0.2%CVE-2026-13983MEDIUMInappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a userEPSS 0.2%CVE-2026-3929LOWSide-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin daEPSS 0.2%CVE-2025-12436MEDIUMPolicy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extensioEPSS 0.2%CVE-2018-20072HIGHInsufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access EPSS 0.2%CVE-2026-9993HIGHUse after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potenEPSS 0.2%CVE-2025-1079HIGHRCE In Google Web DesignerEPSS 0.2%CVE-2026-10011LOWInappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer proEPSS 0.2%CVE-2026-14053MEDIUMInsufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendEPSS 0.2%CVE-2026-10004MEDIUMInsufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoEPSS 0.2%CVE-2026-11145MEDIUMRace in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTMEPSS 0.2%CVE-2025-48535HIGHIn assertSafeToStartCustomActivity of AppRestrictionsFragment.java , there is a possible way to exploit a parcel mismatch resulting in a lauEPSS 0.2%CVE-2026-5914HIGHType Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to pEPSS 0.2%CVE-2026-8013MEDIUMInsufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin dEPSS 0.2%CVE-2025-13640LOWInappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physEPSS 0.2%CVE-2026-7999MEDIUMInappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive informaEPSS 0.2%CVE-2026-8564MEDIUMIncorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofEPSS 0.2%CVE-2026-14138MEDIUMInappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a EPSS 0.2%CVE-2026-7943MEDIUMInsufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised thEPSS 0.2%