【資安漏洞預警】以Chromium為基礎之瀏覽器存在79個高風險安全漏洞,請儘速確認並進行修補
[Security Vulnerability Alert] Chromium-based browsers contain 79 high-risk security vulnerabilities. Please identify and patch them as soon as possible.

發布單位:圖資處數位服務組
日期範圍:2026/5/22 ~ 2026/11/22
 
發布單位:圖資處數位服務組
日期範圍:2026/5/22 ~ 2026/11/22
行政 行政公告
全體

轉發 國家資安資訊分享與分析中心 資安訊息警訊 NISAC-200-202605-00000009

[內容說明]
研究人員發現Google Chrome、Microsoft Edge、Vivaldi及Brave等以Chromium為基礎之瀏覽器存在79個高風險安全漏洞(CVE-2026-8509至CVE-2026-8587),類型包含使用釋放後記憶體(Use After Free)與堆積型緩衝區溢位(Heap-based Buffer Overflow)等,最嚴重可使未經身分鑑別之遠端攻擊者誘使使用者開啟特製HTML頁面,進而逃脫瀏覽器沙盒環境。請儘速確認並進行修補。

[影響平台]
● Google Chrome 148.0.7778.167(不含)以前版本
● Microsoft Edge 148.0.3967.70(不含)以前版本
● Vivaldi 7.9.3970.67(不含)以前版本
● Brave 1.90.122(不含)以前版本

[建議措施]
1. 請更新Google Chrome瀏覽器至148.0.7778.167(含)以後版本
https://support.google.com/chrome/answer/95414?hl=zh-Hant

2. 請更新Microsoft Edge瀏覽器至148.0.3967.70(含)以後版本
https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1

3. 請更新Vivaldi瀏覽器至7.9.3970.67(含)以後版本
https://help.vivaldi.com/desktop/install-update/update-vivaldi/

4. 請更新Brave瀏覽器至1.90122(含)以後版本
https://community.brave.com/t/how-to-update-brave/384780

[參考資料]
1. https://support.google.com/chrome/answer/95414?hl=zh-Hant
2. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1
3. https://help.vivaldi.com/desktop/install-update/update-vivaldi/
4. https://community.brave.com/t/how-to-update-brave/384780
5. https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html
6. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-8509
7. https://vivaldi.com/blog/desktop/minor-update-nine-7-10/
8. https://brave.com/latest/

Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202605-00000009

[Content Description]
Researchers have discovered 79 high-risk security vulnerabilities (CVE-2026-8509 to CVE-2026-8587) in Chromium-based browsers such as Google Chrome, Microsoft Edge, Vivaldi, and Brave. These vulnerabilities include Use After Free and Heap-based Buffer Overflow, among others. In the most severe cases, unauthenticated remote attackers could trick users into opening specially crafted HTML pages, thereby escaping the browser's sandbox environment. Please confirm and patch these vulnerabilities as soon as possible.

[Affected Platforms]
● Google Chrome versions prior to 148.0.7778.167
● Microsoft Edge versions prior to 148.0.3967.70
● Vivaldi versions prior to 7.9.3970.67
● Brave versions prior to 1.90.122

[Recommended Measures]
1. Please update your Google Chrome browser to version 148.0.7778.167 or later.
https://support.google.com/chrome/answer/95414?hl=zh-Hant

2. Please update your Microsoft Edge browser to version 148.0.3967.70 or later.
https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1

3. Please update Vivaldi browser to version 7.9.3970.67 or later.
https://help.vivaldi.com/desktop/install-update/update-vivaldi/

4. Please update Brave browser to version 1.90122 or later.
https://community.brave.com/t/how-to-update-brave/384780

[References]
1. https://support.google.com/chrome/answer/95414?hl=zh-Hant
2. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1
3. https://help.vivaldi.com/desktop/install-update/update-vivaldi/
4. https://community.brave.com/t/how-to-update-brave/384780
5. https://chromereleases.googleblog.com/2026/05/stable-channel-update-for-desktop_12.html
6. https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-8509
7. https://vivaldi.com/blog/desktop/minor-update-nine-7-10/
8. https://brave.com/latest/


相關附件
【返回上頁】
Top↑