Vulnerabilidades em Google
5.229 resultadosAnálise Vexday
Com 4.763 CVEs catalogadas e 77 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração dos produtos Google é 3,6 vezes superior à média geral do catálogo, sinalizando risco operacional elevado para organizações que dependem desse ecossistema. O volume de 1.225 CVEs surgidas nos últimos 90 dias indica cadência intensa de descobertas, exigindo ciclos de patching ágeis. O tipo de falha mais recorrente é CWE-416 (use-after-free), classe de vulnerabilidade que frequentemente viabiliza execução de código arbitrário e escalada de privilégios. Destaque especial para CVE-2023-4863, com EPSS de 0,9974 — valor próximo ao máximo possível —, indicando probabilidade altíssima de exploração ativa e merecendo tratamento prioritário imediato.
CVE-2025-24959LOWEnvironment Variable Injection for dotenv API in zxEPSS 0.2%CVE-2026-11695MEDIUMInappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via aEPSS 0.2%CVE-2026-7971MEDIUMInappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a craftedEPSS 0.2%CVE-2026-11234MEDIUMInappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the rendeEPSS 0.2%CVE-2026-3942MEDIUMIncorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a craEPSS 0.2%CVE-2026-11678MEDIUMInteger overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obEPSS 0.2%CVE-2025-6557MEDIUMInsufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user tEPSS 0.2%CVE-2026-11685MEDIUMInappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin EPSS 0.2%CVE-2026-13281HIGHInteger overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to poteEPSS 0.2%CVE-2026-11233MEDIUMInsufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the reEPSS 0.2%CVE-2026-3927MEDIUMIncorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a craEPSS 0.2%CVE-2026-11247LOWInsufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-oriEPSS 0.2%CVE-2026-11200MEDIUMInappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a craEPSS 0.2%CVE-2026-11129MEDIUMInappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via aEPSS 0.2%CVE-2024-7017HIGHInappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandboxEPSS 0.2%CVE-2026-11261MEDIUMInappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer proceEPSS 0.2%CVE-2026-11245MEDIUMInappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafEPSS 0.2%CVE-2026-11134MEDIUMInappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafEPSS 0.2%CVE-2026-11139MEDIUMInappropriate implementation in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafEPSS 0.2%CVE-2026-8559MEDIUMInteger overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of EPSS 0.2%