Google Chrome < 148.0.7778.167 Multiple Vulnerabilities

critical Nessus Plugin ID 314745

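Synopsis

A web browser installed on the remote macOS host is affected by multiple vulnerabilities.

Description

The version of Google Chrome installed on the remote macOS host is prior to 148.0.7778.167. It is, therefore, affected by multiple vulnerabilities as referenced in the 2026_05_stable-channel-update-for-desktop_12 advisory.

- Use after free in Extensions in Google Chrome prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2026-8587)

- Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-8509)

- Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-8510)

- Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-8511)

- Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) (CVE-2026-8512)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Google Chrome version 148.0.7778.167 or later.

See Also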

http://www.nessus.org/u?439266d5

Plugin Details

Severity: Critical

ID: 314745

File Name: macosx_google_chrome_148_0_7778_167.nasl

Version: 1.2

Type: Local

Agent: macosx

Published: 2026/5/14

Updated: 2026/5/18

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-8587

CVSS v3

Risk Factor: Critical

Base Score: 9.6

Temporal Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-8580

Vulnerability Information

CPE: cpe:/a:google:chrome

Required KB Items: installed_sw/Google Chrome

Exploit Ease: No known exploits are available

Patch Publication Date: 2026/5/12

Vulnerability Publication Date: 2026/5/12

Reference Information

CVE: CVE-2026-8509, CVE-2026-8510, CVE-2026-8511, CVE-2026-8512, CVE-2026-8513, CVE-2026-8514, CVE-2026-8515, CVE-2026-8516, CVE-2026-8517, CVE-2026-8518, CVE-2026-8519, CVE-2026-8520, CVE-2026-8521, CVE-2026-8522, CVE-2026-8523, CVE-2026-8524, CVE-2026-8525, CVE-2026-8526, CVE-2026-8527, CVE-2026-8528, CVE-2026-8529, CVE-2026-8530, CVE-2026-8531, CVE-2026-8532, CVE-2026-8533, CVE-2026-8534, CVE-2026-8535, CVE-2026-8536, CVE-2026-8537, CVE-2026-8538, CVE-2026-8539, CVE-2026-8540, CVE-2026-8541, CVE-2026-8542, CVE-2026-8543, CVE-2026-8544, CVE-2026-8545, CVE-2026-8546, CVE-2026-8547, CVE-2026-8548, CVE-2026-8549, CVE-2026-8550, CVE-2026-8551, CVE-2026-8552, CVE-2026-8553, CVE-2026-8554, CVE-2026-8555, CVE-2026-8556, CVE-2026-8557, CVE-2026-8558, CVE-2026-8559, CVE-2026-8560, CVE-2026-8561, CVE-2026-8562, CVE-2026-8563, CVE-2026-8564, CVE-2026-8565, CVE-2026-8566, CVE-2026-8567, CVE-2026-8568, CVE-2026-8569, CVE-2026-8570, CVE-2026-8571, CVE-2026-8572, CVE-2026-8573, CVE-2026-8574, CVE-2026-8575, CVE-2026-8576, CVE-2026-8577, CVE-2026-8578, CVE-2026-8579, CVE-2026-8580, CVE-2026-8581, CVE-2026-8582, CVE-2026-8583, CVE-2026-8584, CVE-2026-8585, CVE-2026-8586, CVE-2026-8587