Vulnerabilidades em Google
5.229 resultadosAnálise Vexday
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2023-21387—In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. ThEPSS 0.1%CVE-2024-29740HIGHIn tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of priEPSS 0.1%CVE-2025-12910MEDIUMInappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive inEPSS 0.1%CVE-2026-11269HIGHInappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to eEPSS 0.1%CVE-2024-49739MEDIUMIn MMapVAccess of pmr_os.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation ofEPSS 0.1%CVE-2025-48635HIGHIn multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. ThiEPSS 0.1%CVE-2023-40128—In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalatEPSS 0.1%CVE-2026-0025HIGHIn hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead toEPSS 0.1%CVE-2023-35659HIGHIn DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could leEPSS 0.1%CVE-2026-14124HIGHInappropriate implementation in CredentialProvider in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OSEPSS 0.1%CVE-2023-40116HIGHIn onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error iEPSS 0.1%CVE-2025-12474LOWlibjxl: Uninitialized memory read in decoder due to incorrect optimization in patch handlingEPSS 0.1%CVE-2025-26428LOWIn startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead toEPSS 0.1%CVE-2023-21336—In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel informatioEPSS 0.1%CVE-2024-43082MEDIUMIn onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to EPSS 0.1%CVE-2025-48579HIGHIn multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This couEPSS 0.1%CVE-2026-0049MEDIUMIn onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead EPSS 0.1%CVE-2023-21335—In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information diEPSS 0.1%CVE-2023-21331—In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel informationEPSS 0.1%CVE-2024-31312MEDIUMIn multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosuEPSS 0.1%