【資安漏洞預警】以Chromium為基礎之瀏覽器存在21個高風險安全漏洞，請儘速確認並進行修補

【資安漏洞預警】以Chromium為基礎之瀏覽器存在21個高風險安全漏洞，請儘速確認並進行修補
[Security Vulnerability Alert] Chromium-based browsers contain 21 high-risk security vulnerabilities. Please identify and patch them as soon as possible.

發布單位：圖資處數位服務組

日期範圍：2026/4/10 ～ 2026/10/10

發布單位：圖資處數位服務組

日期範圍：2026/4/10 ～ 2026/10/10

行政行政公告

全體

轉發國家資安資訊分享與分析中心資安訊息警訊 NISAC-200-202604-00000003

[內容說明]
研究人員發現Google Chrome、Microsoft Edge、Vivaldi、Brave及Opera等以Chromium為基礎之瀏覽器存在21個高風險安全漏洞(CVE-2026-5272至CVE-2026-5292)，類型包含緩衝區溢位(Buffer Overflow)與使用釋放後記憶體(Use After Free)等，最嚴重可使未經身分鑑別之遠端攻擊者利用特製HTML頁面逃離瀏覽器沙箱環境並執行任意程式碼。其中CVE-2026-5281已遭駭客利用，請儘速確認並進行修補。

[影響平台]
Google Chrome 146.0.7680.177(不含)以前版本
Microsoft Edge 146.0.3856.97(不含)以前版本
Vivaldi 7.9.3970.47(不含)以前版本
Brave 1.88.138(不含)以前版本
Opera 129.0.5823.65(不含)以前版本

[建議措施]
1. 請更新Google Chrome瀏覽器至146.0.7680.178(含)以後版本 https://support.google.com/chrome/answer/95414?hl=zh-Hant

2. 請更新Microsoft Edge瀏覽器至146.0.3856.97(含)以後版本 https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1

3. 請更新Vivaldi瀏覽器至7.9.3970.47(含)以後版本 https://help.vivaldi.com/desktop/install-update/update-vivaldi/

4. 請更新Brave瀏覽器至1.88138(含)以後版本 https://community.brave.com/t/how-to-update-brave/384780

5. 請更新Opera瀏覽器至129.0.5823.65(含)以後版本 https://help.opera.com/en/latest/crashes-and-issues/#updateBrowser

[參考資料]
1. https://support.google.com/chrome/answer/95414?hl=zh-Hant
2. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1
3. https://help.vivaldi.com/desktop/install-update/update-vivaldi/
4. https://community.brave.com/t/how-to-update-brave/384780
5. https://help.opera.com/en/latest/crashes-and-issues/#updateBrowser
6. https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
7. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5281
8. https://vivaldi.com/blog/desktop/minor-update-four-7-9/
9. https://brave.com/latest/
10. https://blogs.opera.com/security/2026/04/update-your-browser-security-fix-for-chrome-zero-day-cve-2026-5281/

Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202604-00000003

[Content Description]
Researchers have discovered 21 high-risk security vulnerabilities (CVE-2026-5272 to CVE-2026-5292) in Chromium-based browsers such as Google Chrome, Microsoft Edge, Vivaldi, Brave, and Opera. These vulnerabilities include buffer overflows and use-after-free vulnerabilities. In the most serious cases, unauthenticated remote attackers could use specially crafted HTML pages to escape the browser sandbox and execute arbitrary code. CVE-2026-5281 has already been exploited by hackers; please confirm and patch it as soon as possible.

[Affected Platforms]
Google Chrome versions prior to 146.0.7680.177 (excluding 146.0.7680.177)
Microsoft Edge versions prior to 146.0.3856.97 (excluding 146.0.3856.97)
Vivaldi versions prior to 7.9.3970.47 (excluding 7.9.3970.47)
Brave versions prior to 1.88.138 (excluding 1.88.138)
Opera versions prior to 129.0.5823.65 (excluding 129.0.5823.65)

[Recommended Measures]
1. Please update Google Chrome to version 146.0.7680.178 (inclusive) or later. https://support.google.com/chrome/answer/95414?hl=zh-Hant

2. Please update Microsoft Edge to version 146.0.3856.97 (inclusive) or later. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1

3. Please update Vivaldi browser to version 7.9.3970.47 or later. https://help.vivaldi.com/desktop/install-update/update-vivaldi/

4. Please update Brave browser to version 1.88138 or later. https://community.brave.com/t/how-to-update-brave/384780

5. Please update Opera browser to version 129.0.5823.65 or later. https://help.opera.com/en/latest/crashes-and-issues/#updateBrowser

[References]
1. https://support.google.com/chrome/answer/95414?hl=zh-Hant
2. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1
3. https://help.vivaldi.com/desktop/install-update/update-vivaldi/
4. https://community.brave.com/t/how-to-update-brave/384780
5. https://help.opera.com/en/latest/crashes-and-issues/#updateBrowser
6. https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
7. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5281
8. https://vivaldi.com/blog/desktop/minor-update-four-7-9/
9. https://brave.com/latest/
10. https://blogs.opera.com/security/2026/04/update-your-browser-security-fix-for-chrome-zero-day-cve-2026-5281/

【資安漏洞預警】以Chromium為基礎之瀏覽器存在21個高風險安全漏洞，請儘速確認並進行修補
[Security Vulnerability Alert] Chromium-based browsers contain 21 high-risk security vulnerabilities. Please identify and patch them as soon as possible.

發布單位：圖資處數位服務組

日期範圍：2026/4/10 ～ 2026/10/10

行政行政公告

全體

相關附件

無

【返回上頁】

【資安漏洞預警】以Chromium為基礎之瀏覽器存在21個高風險安全漏洞，請儘速確認並進行修補 [Security Vulnerability Alert] Chromium-based browsers contain 21 high-risk security vulnerabilities. Please identify and patch them as soon as possible.

發布單位：圖資處數位服務組

日期範圍：2026/4/10 ～ 2026/10/10

行政 行政公告

全體

相關附件

無

【返回上頁】

【資安漏洞預警】以Chromium為基礎之瀏覽器存在21個高風險安全漏洞，請儘速確認並進行修補
[Security Vulnerability Alert] Chromium-based browsers contain 21 high-risk security vulnerabilities. Please identify and patch them as soon as possible.

行政行政公告