Google Chrome < 148.0.7778.167 多个漏洞

critical Nessus 插件 ID 314745

简介

远程 macOS 主机上安装的 Web 浏览器受到多个漏洞的影响。

描述

远程 macOS 主机上安装的 Google Chrome 版本低于 148.0.7778.167。因此,如公告 2026_05_stable-channel-update-for-desktop_12 所述,受到多个漏洞的影响。

- Mac 上 Google Chrome 148.0.7778.168 之前版本的 Extensions 中存在释放后使用漏洞,成功诱骗用户安装恶意扩展的攻击者可能利用此漏洞,通过构建的 Chrome 扩展程序执行远程代码。(Chromium 安全严重性:中)(CVE-2026-8587)

- Google Chrome 148.0.7778.168 之前版本的 Mojo 中存在释放后使用漏洞,远程攻击者可能利用该漏洞,通过构建的 HTML 页面执行沙盒逃逸。(Chromium 安全严重性:中)(CVE-2026-8580)

- Google Chrome 148.0.7778.168 之前版本的 WebML 中存在堆缓冲区溢出漏洞,远程攻击者可利用此漏洞,通过构建的 HTML 页面在沙盒中执行任意代码。(Chromium 安全严重性:危急)(CVE-2026-8509)

- Window 上的 Google Chrome 148.0.7778.168 之前版本的 Skia 中存在整数溢出,已破坏渲染器进程的远程攻击者会利用此漏洞,通过构建的 HTML 页面执行越界内存写入。
(Chromium 安全严重性:危急)(CVE-2026-8510)

- Google Chrome 148.0.7778.168 之前版本的 UI 中存在释放后使用漏洞,远程攻击者可能利用该漏洞,通过构建的 HTML 页面执行沙盒逃逸。(Chromium 安全严重性:危急)(CVE-2026-8511)

请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。

解决方案

升级至 Google Chrome 148.0.7778.167 或更高版本。

另见

https://crbug.com/328109821

https://crbug.com/343352552

https://crbug.com/40057534

https://crbug.com/40061220

https://crbug.com/418273622

https://crbug.com/442860473

https://crbug.com/470646792

https://crbug.com/483956252

https://crbug.com/484986863

https://crbug.com/486536241

https://crbug.com/486761172

https://crbug.com/487795397

https://crbug.com/488728570

https://crbug.com/490222151

https://crbug.com/490229299

https://crbug.com/490353576

https://crbug.com/491422244

https://crbug.com/491930142

https://crbug.com/492350403

https://crbug.com/492812194

https://crbug.com/493310462

https://crbug.com/495108488

https://crbug.com/495247950

https://crbug.com/495314407

https://crbug.com/495405493

https://crbug.com/495417883

https://crbug.com/495530312

https://crbug.com/495782021

https://crbug.com/495857582

https://crbug.com/495890000

https://crbug.com/495902113

https://crbug.com/495939973

https://crbug.com/495948109

https://crbug.com/495999127

https://crbug.com/496217775

https://crbug.com/496231853

https://crbug.com/496302307

https://crbug.com/496393078

https://crbug.com/496395450

https://crbug.com/496415073

https://crbug.com/496524586

https://crbug.com/496526419

https://crbug.com/496627235

https://crbug.com/496639647

https://crbug.com/496645393

https://crbug.com/497066659

https://crbug.com/497095799

https://crbug.com/497151750

https://crbug.com/497292072

https://crbug.com/497486030

https://crbug.com/497531263

https://crbug.com/497531791

https://crbug.com/497594413

https://crbug.com/497632199

https://crbug.com/497821764

https://crbug.com/497830330

https://crbug.com/497928952

https://crbug.com/497975477

https://crbug.com/497985088

https://crbug.com/498322453

https://crbug.com/498376171

https://crbug.com/498400132

https://crbug.com/498706958

https://crbug.com/498715368

https://crbug.com/498892595

https://crbug.com/499052720

https://crbug.com/499131214

https://crbug.com/499154022

https://crbug.com/499565267

https://crbug.com/500033878

https://crbug.com/500052361

https://crbug.com/502636904

https://crbug.com/502978647

https://crbug.com/503425922

https://crbug.com/503619813

https://crbug.com/504106200

https://crbug.com/504185107

https://crbug.com/504629701

https://crbug.com/507356235

http://www.nessus.org/u?439266d5

插件详情

严重性: Critical

ID: 314745

文件名: macosx_google_chrome_148_0_7778_167.nasl

版本: 1.4

类型: Local

代理: macosx

发布时间: 2026/5/14

最近更新时间: 2026/5/22

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

风险信息

VPR

风险因素: Medium

分数: 6.9

百分位: 96.95

CVSS v2

风险因素: Critical

基本分数: 10

时间分数: 7.4

矢量: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS 分数来源: CVE-2026-8587

CVSS v3

风险因素: Critical

基本分数: 9.6

时间分数: 8.3

矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

时间矢量: CVSS:3.0/E:U/RL:O/RC:C

CVSS 分数来源: CVE-2026-8580

漏洞信息

CPE: cpe:/a:google:chrome

必需的 KB 项: installed_sw/Google Chrome

易利用性: No known exploits are available

补丁发布日期: 2026/5/12

漏洞发布日期: 2026/5/12

参考资料信息

CVE: CVE-2026-8509, CVE-2026-8510, CVE-2026-8511, CVE-2026-8512, CVE-2026-8513, CVE-2026-8514, CVE-2026-8515, CVE-2026-8516, CVE-2026-8517, CVE-2026-8518, CVE-2026-8519, CVE-2026-8520, CVE-2026-8521, CVE-2026-8522, CVE-2026-8523, CVE-2026-8524, CVE-2026-8525, CVE-2026-8526, CVE-2026-8527, CVE-2026-8528, CVE-2026-8529, CVE-2026-8530, CVE-2026-8531, CVE-2026-8532, CVE-2026-8533, CVE-2026-8534, CVE-2026-8535, CVE-2026-8536, CVE-2026-8537, CVE-2026-8538, CVE-2026-8539, CVE-2026-8540, CVE-2026-8541, CVE-2026-8542, CVE-2026-8543, CVE-2026-8544, CVE-2026-8545, CVE-2026-8546, CVE-2026-8547, CVE-2026-8548, CVE-2026-8549, CVE-2026-8550, CVE-2026-8551, CVE-2026-8552, CVE-2026-8553, CVE-2026-8554, CVE-2026-8555, CVE-2026-8556, CVE-2026-8557, CVE-2026-8558, CVE-2026-8559, CVE-2026-8560, CVE-2026-8561, CVE-2026-8562, CVE-2026-8563, CVE-2026-8564, CVE-2026-8565, CVE-2026-8566, CVE-2026-8567, CVE-2026-8568, CVE-2026-8569, CVE-2026-8570, CVE-2026-8571, CVE-2026-8572, CVE-2026-8573, CVE-2026-8574, CVE-2026-8575, CVE-2026-8576, CVE-2026-8577, CVE-2026-8578, CVE-2026-8579, CVE-2026-8580, CVE-2026-8581, CVE-2026-8582, CVE-2026-8583, CVE-2026-8584, CVE-2026-8585, CVE-2026-8586, CVE-2026-8587

IAVA: 2026-A-0485