Vulnerabilidades em Google

5.150 resultados
Análise Vexday

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2024-6101HIGHInappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory accessEPSS 0.8%CVE-2011-2337A wrong type is used for a return value from strlen in WebKit in Google Chrome before Blink M12 on 64-bit platforms.EPSS 0.8%CVE-2019-5841Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruEPSS 0.8%CVE-2022-2161Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specEPSS 0.8%CVE-2021-38016Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin pEPSS 0.8%CVE-2021-38017Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restEPSS 0.8%CVE-2022-3196HIGHUse after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafteEPSS 0.8%CVE-2020-6497Insufficient policy enforcement in Omnibox in Google Chrome on iOS prior to 83.0.4103.88 allowed a remote attacker to perform domain spoofinEPSS 0.8%CVE-2020-16027Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to instalEPSS 0.8%CVE-2023-2468Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the rEPSS 0.8%CVE-2023-2462Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via EPSS 0.8%CVE-2024-3847CRITICALInsufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policyEPSS 0.8%CVE-2023-2466Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the securEPSS 0.8%CVE-2022-2624Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific useEPSS 0.8%CVE-2021-37989Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to abuse content security policy via EPSS 0.8%CVE-2022-0310Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruptionEPSS 0.8%CVE-2019-5856Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the rendererEPSS 0.8%CVE-2026-9111HIGHUse after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a craftedEPSS 0.8%CVE-2024-1673HIGHUse after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process tEPSS 0.8%CVE-2016-10403Insufficient data validation on image data in PDFium in Google Chrome prior to 51.0.2704.63 allowed a remote attacker to perform an out of bEPSS 0.8%