[Security Vulnerability Alert] Chromium-based browsers contain 60 high-risk security vulnerabilities. Please identify and patch them as soon as possible.

Issuing unit: Digital Services Division, Office of Library and Information Services
Date range: 2026/4/20 ~ 2026/10/20


Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202604-00000008

[Content Description]
Researchers have discovered 60 high-risk security vulnerabilities (CVE-2026-5858 to CVE-2026-5915, CVE-2026-5918, and CVE-2026-5919) in Chromium-based browsers such as Google Chrome, Microsoft Edge, Vivaldi, and Brave. The vulnerability types include heap-based buffer overflow and use after free. In the most severe cases, an unauthenticated remote attacker could use a specially crafted HTML page to cause memory corruption or execute arbitrary code. Please check installed versions and patch as soon as possible.

[Affected Platforms]
Google Chrome versions prior to 147.0.7727.55
Microsoft Edge versions prior to 147.0.3912.60
Vivaldi versions prior to 7.9.3970.50
Brave versions prior to 1.89.132

[Recommended Measures]
1. Please update Google Chrome to version 147.0.7727.55 or later. https://support.google.com/chrome/answer/95414?hl=zh-Hant

2. Please update Microsoft Edge to version 147.0.3912.60 or later. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1

3. Please update Vivaldi browser to version 7.9.3970.50 or later. https://help.vivaldi.com/desktop/install-update/update-vivaldi/

4. Please update Brave browser to version 1.89.132 or later. https://community.brave.com/t/how-to-update-brave/384780
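
A version check against the fixed versions listed above, as an added example that is not part of the original advisory. It compares dotted versions numerically, since a plain string comparison misorders values such as 147.0.7727.9 and 147.0.7727.55. The `host,browser,version` inventory format, the host names and the sample versions are constructed assumptions.

```python
# Added example: fixed-version thresholds copied from this advisory.
FIXED = {
    "chrome": "147.0.7727.55",
    "edge": "147.0.3912.60",
    "vivaldi": "7.9.3970.50",
    "brave": "1.89.132",
}

def parse_version(text):
    """Turn '147.0.7727.55' into (147, 0, 7727, 55); None if not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def status(browser, version):
    """Return 'patched', 'vulnerable', or 'unknown' for one installation."""
    fixed = FIXED.get(browser.strip().lower())
    found = parse_version(version)
    if fixed is None or found is None:
        return "unknown"  # unlisted browser or unparsable version: review by hand
    want = parse_version(fixed)
    # Pad to equal length so '147.0' compares as 147.0.0.0.
    width = max(len(found), len(want))
    found += (0,) * (width - len(found))
    want += (0,) * (width - len(want))
    return "patched" if found >= want else "vulnerable"

def audit(inventory_csv):
    """Return (host, browser, version, status) for each 'host,browser,version' line."""
    results = []
    for line in inventory_csv.strip().splitlines():
        host, browser, version = (f.strip() for f in line.split(","))
        results.append((host, browser, version, status(browser, version)))
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """
pc-01,Chrome,147.0.7727.55
pc-02,Chrome,147.0.7727.9
pc-03,Edge,146.0.3856.97
pc-04,Brave,1.89.132
pc-05,Vivaldi,7.9.3970.100
pc-06,Opera,120.0.5543.38
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:6} {:8} {:16} {}".format(*row))
```

Installations reported as "unknown" are Chromium-based browsers or version strings the advisory does not list a threshold for, and need manual review against the vendor's own release notes.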

[References]
1. https://support.google.com/chrome/answer/95414?hl=zh-Hant
2. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1
3. https://help.vivaldi.com/desktop/install-update/update-vivaldi/
4. https://community.brave.com/t/how-to-update-brave/384780
5. https://help.opera.com/en/latest/crashes-and-issues/#updateBrowser
6. https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop.html
7. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5919
8. https://vivaldi.com/blog/desktop/desktop-updates/minor-update-five-7-9/
9. https://brave.com/latest/