Vulnerabilidades em Google

5.229 resultados
Análise Vexday

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2024-0029HIGHIn multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. TEPSS 0.1%CVE-2026-13778HIGHUse after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious pEPSS 0.1%CVE-2023-21253In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denialEPSS 0.1%CVE-2025-12445MEDIUMPolicy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extensioEPSS 0.1%CVE-2026-11267MEDIUMInsufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a EPSS 0.1%CVE-2026-5901MEDIUMInsufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a maEPSS 0.1%CVE-2023-3497Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to peEPSS 0.1%CVE-2026-8012MEDIUMInappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer proEPSS 0.1%CVE-2026-28573CRITICALIn AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial EPSS 0.1%CVE-2026-8584MEDIUMInappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the rendEPSS 0.1%CVE-2025-1121MEDIUMPrivilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physicEPSS 0.1%CVE-2026-0047HIGHIn dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permisEPSS 0.1%CVE-2026-13022LOWInappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the rendererEPSS 0.1%CVE-2018-9481MEDIUMIn bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote infoEPSS 0.1%CVE-2026-11148MEDIUMInappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin daEPSS 0.1%CVE-2023-21315In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) informatioEPSS 0.1%CVE-2026-12456MEDIUMInappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a maEPSS 0.1%CVE-2026-9959LOWRace in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML paEPSS 0.1%CVE-2026-11212MEDIUMInsufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a maEPSS 0.1%CVE-2026-11181MEDIUMInappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policyEPSS 0.1%