Vulnerabilities in Google
5,244 resultsVexday analysis
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2025-36889MEDIUMIn onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local informatioEPSS 0.1%CVE-2025-22442HIGHIn multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created EPSS 0.1%CVE-2025-48575HIGHIn multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead toEPSS 0.1%CVE-2026-0112HIGHIn vpu_open_inst of vpu_ioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilegEPSS 0.1%CVE-2026-0158LOWIn Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disEPSS 0.1%CVE-2025-48625HIGHIn multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a raceEPSS 0.1%CVE-2026-0094HIGHIn getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to mislEPSS 0.1%CVE-2026-0121LOWIn VPU, there is a possible use-after-free read due to a race condition. This could lead to local information disclosure with no additional EPSS 0.1%CVE-2025-36916HIGHIn PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalatioEPSS 0.1%CVE-2026-15764HIGHUse after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specifEPSS —CVE-2026-15773CRITICALUse after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escapeEPSS —CVE-2026-15771MEDIUMInsufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had coEPSS —CVE-2026-15769HIGHInsufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacEPSS —CVE-2026-15770MEDIUMUninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from EPSS —CVE-2026-15765HIGHUse after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gesEPSS —CVE-2026-15766MEDIUMUninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information froEPSS —CVE-2026-15775—Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a craEPSS —CVE-2026-15777HIGHUse after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific EPSS —CVE-2026-15768—Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin pEPSS —CVE-2026-15772HIGHUse after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer processEPSS —