Vulnerabilidades em Google

5.229 resultados
Análise Vexday

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2026-3940MEDIUMInsufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictiEPSS 0.2%CVE-2026-7989MEDIUMInsufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the rendeEPSS 0.2%CVE-2026-1260HIGHInvalid Memory Access in Sentencepiece,EPSS 0.2%CVE-2024-43090MEDIUMIn multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disEPSS 0.2%CVE-2026-14139MEDIUMInappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage inEPSS 0.2%CVE-2026-8011MEDIUMInsufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a EPSS 0.2%CVE-2026-14028MEDIUMIncorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engEPSS 0.2%CVE-2025-13102MEDIUMInappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI sEPSS 0.2%CVE-2026-8014MEDIUMInappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crEPSS 0.2%CVE-2025-22412HIGHIn multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proxEPSS 0.2%CVE-2023-7261HIGHInappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalationEPSS 0.2%CVE-2025-22411HIGHIn process_service_attr_rsp of sdp_discovery.cc, there is a possible use after free due to a logic error in the code. This could lead to remEPSS 0.2%CVE-2023-40103In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege withEPSS 0.2%CVE-2026-7360LOWInsufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had comproEPSS 0.2%CVE-2026-15119HIGHRace in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentiaEPSS 0.2%CVE-2026-15123HIGHInappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruptioEPSS 0.2%CVE-2026-8545LOWObject corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer processEPSS 0.2%CVE-2026-15117HIGHUse after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI EPSS 0.2%CVE-2026-11214MEDIUMInappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-originEPSS 0.2%CVE-2026-15111HIGHUse after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gesEPSS 0.2%