Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202605-00000001
[Content Description]
Researchers have discovered 30 high-risk security vulnerabilities (CVE-2026-7333 to CVE-2026-7361 and CVE-2026-7363) in Chromium-based browsers such as Google Chrome, Microsoft Edge, Vivaldi, and Brave. The vulnerability types include Use After Free and Heap-based Buffer Overflow. In the most severe case, an unauthenticated remote attacker could trick a user into opening a specially crafted HTML page and thereby execute arbitrary code inside the browser sandbox. Please check your installed versions and apply the updates as soon as possible.
[Affected Platforms]
Google Chrome versions earlier than 147.0.7727.137 (147.0.7727.137 itself is not affected)
Microsoft Edge versions earlier than 147.0.3912.98 (147.0.3912.98 itself is not affected)
Vivaldi versions earlier than 7.9.3970.60 (7.9.3970.60 itself is not affected)
Brave versions earlier than 1.89.145 (1.89.145 itself is not affected)
[Recommended Measures]
1. Update Google Chrome to version 147.0.7727.137 or later. https://support.google.com/chrome/answer/95414?hl=zh-Hant
2. Update Microsoft Edge to version 147.0.3912.98 or later. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1
3. Update Vivaldi to version 7.9.3970.60 or later. https://help.vivaldi.com/desktop/install-update/update-vivaldi/
4. Update Brave to version 1.89.145 or later. https://community.brave.com/t/how-to-update-brave/384780
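The following is an added example, not part of the original alert: a Python check that flags inventory rows whose browser version is earlier than the fixed versions listed above. The CSV column names and the sample hosts and versions are constructed for illustration; only the fixed version numbers come from this alert.

```python
import csv
import io

# Fixed versions copied from this alert's [Affected Platforms] section.
FIXED = {
    "Google Chrome": "147.0.7727.137",
    "Microsoft Edge": "147.0.3912.98",
    "Vivaldi": "7.9.3970.60",
    "Brave": "1.89.145",
}

def parse_version(text):
    """Turn '147.0.7727.137' into (147, 0, 7727, 137); ValueError on junk."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(product, installed):
    """True when the installed version is strictly older than the fixed one."""
    fixed, have = parse_version(FIXED[product]), parse_version(installed)
    # Pad with zeros so a short report such as '147.0' compares as 147.0.0.0.
    width = max(len(fixed), len(have))
    pad = lambda v: v + (0,) * (width - len(v))
    # Numeric tuple comparison: as plain strings, '...99' would sort after '...137'.
    return pad(have) < pad(fixed)

def audit(inventory_csv):
    """Return (host, product, version, status) for every inventory row."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, product, version = row["host"], row["product"], row["version"]
        if product not in FIXED:
            status = "unknown-product"
        else:
            try:
                status = "affected" if is_affected(product, version) else "ok"
            except ValueError:
                status = "unparseable"  # review by hand, do not assume patched
        results.append((host, product, version, status))
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """host,product,version
ws-01,Google Chrome,147.0.7727.99
ws-02,Google Chrome,147.0.7727.137
ws-03,Microsoft Edge,146.0.3856.109
ws-04,Brave,1.89.145
ws-05,Vivaldi,7.9.3970.6
ws-06,Brave,unknown
"""

if __name__ == "__main__":
    for result in audit(SAMPLE):
        print(*result, sep="\t")
```

Rows reported as unparseable or unknown-product need manual follow-up, since a missing version string says nothing about patch status.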
[References]
1. https://support.google.com/chrome/answer/95414?hl=zh-Hant
2. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1
3. https://help.vivaldi.com/desktop/install-update/update-vivaldi/
4. https://community.brave.com/t/how-to-update-brave/384780
5. https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html
6. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-7335
7. https://vivaldi.com/blog/desktop/minor-update-eight-7-9/
8. https://brave.com/latest/