Vulnerabilities in Google

5,202 results
Vexday analysis

Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.

CVE-2025-36894HIGHIn TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional executionEPSS 0.3%CVE-2026-9922HIGHUse after free in GPU in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to EPSS 0.3%CVE-2026-11052CRITICALType Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process EPSS 0.3%CVE-2026-9934HIGHUse after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestEPSS 0.3%CVE-2026-12448HIGHInappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege eEPSS 0.3%CVE-2026-13931MEDIUMInappropriate implementation in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the rEPSS 0.3%CVE-2026-13985MEDIUMInappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the rendeEPSS 0.3%CVE-2026-14090CRITICALInsufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker toEPSS 0.3%CVE-2026-14397CRITICALOut of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escapEPSS 0.3%CVE-2026-4451HIGHInsufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromiEPSS 0.3%CVE-2025-1290HIGHA race condition Use-After-Free vulnerability exists in the virtio_transport_space_update function within the Kernel 5.4 on ChromeOS. ConcurEPSS 0.3%CVE-2026-14109CRITICALInsufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer pEPSS 0.3%CVE-2026-14411CRITICALInsufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially performEPSS 0.3%CVE-2026-14102HIGHUse after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a cEPSS 0.3%CVE-2026-0041MEDIUMIn multiple functions of ubsan_throwing_runtime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remoteEPSS 0.3%CVE-2026-4452HIGHInteger overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruptiEPSS 0.3%CVE-2026-0144MEDIUMIn writeAocCommand of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote deEPSS 0.3%CVE-2026-0051MEDIUMIn multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This EPSS 0.3%CVE-2026-4445HIGHUse after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a craEPSS 0.3%CVE-2026-14420CRITICALOut of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escaEPSS 0.3%