Vulnerabilidades em Google
5.229 resultadosAnálise Vexday
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2025-8747HIGHKeras safe_mode bypass allows arbitrary code execution when loading a malicious model.EPSS 0.1%CVE-2024-31310HIGHIn newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill EPSS 0.1%CVE-2023-40130HIGHIn notifyTimeout of CallRedirectionProcessor, there is a possible permission bypass due to a logic error in the code. This could lead to locEPSS 0.1%CVE-2024-40653HIGHIn multiple functions of ConnectionServiceWrapper.java, there is a possible way to retain a permission forever in the background due to a loEPSS 0.1%CVE-2024-43087HIGHIn getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in tEPSS 0.1%CVE-2026-0011HIGHIn enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the codeEPSS 0.1%CVE-2026-7941MEDIUMInsufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject aEPSS 0.1%CVE-2026-7925HIGHUse after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalEPSS 0.1%CVE-2026-0106CRITICALIn vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of pEPSS 0.1%CVE-2024-34726HIGHIn PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local esEPSS 0.1%CVE-2024-31316HIGHIn onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatchEPSS 0.1%CVE-2024-0024HIGHIn multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input vaEPSS 0.1%CVE-2025-36923HIGHIn NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. ThEPSS 0.1%CVE-2023-0460MEDIUMRemote code execution in YouTube Android Player API SDKEPSS 0.1%CVE-2024-34729HIGHIn multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation ofEPSS 0.1%CVE-2026-13955LOWInsufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perfEPSS 0.1%CVE-2024-0042MEDIUMIn TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DEPSS 0.1%CVE-2023-35680—In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to locaEPSS 0.1%CVE-2025-36924HIGHIn ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This EPSS 0.1%CVE-2023-48407—there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilEPSS 0.1%