¡¾Â©¶´Í¨¸æ¡¿Google Chrome V8¶Ñ»º³åÇøÒç³ö©¶´(CVE-2025-0999)

Ðû²¼Ê±¼ä 2025-02-20

Ò»¡¢Â©¶´¸ÅÊö


©¶´Ãû³Æ

Google Chrome V8¶Ñ»º³åÇøÒç³ö©¶´

CVE   ID

CVE-2025-0999

©¶´ÀàÐÍ

»º³åÇøÒç³ö

·¢ÏÖʱ¼ä

2025-02-20

©¶´ÆÀ·Ö

8.8

©¶´Æ·¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

ÐèÒª

PoC/EXP

δ¹ûÈ»

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


Google Chrome V8ÊÇÒ»¸ö¸ßЧµÄ¿ªÔ´JavaScriptÒýÇæ £¬ÓÃÓÚChromeä¯ÀÀÆ÷ºÍNode.jsµÈƽ̨¡£V8½«JavaScript´úÂë±àÒëΪ»úÆ÷Âë £¬ÒÔÌá¸ßÖ´ÐÐЧÂÊ £¬ÓÅ»¯ä¯ÀÀÆ÷ÐÔÄÜ¡£ËüÖ§³Ö¼´Ê±±àÒ루JIT£©ºÍÀ¬»ø»ØÊÕ»úÖÆ £¬Í¨¹ýÄÚ´æ¹ÜÀíºÍÓÅ»¯Ëã·¨Ìṩ¸üºÃµÄÔËÐÐËٶȡ£V8¹ã·ºÓÃÓÚÍøÒ³ºÍÓ¦Ó÷¨Ê½ÖÐ £¬ÓÈÆäÔÚ´¦ÖÃÅÓ´óµÄ¶¯Ì¬ÄÚÈÝʱÌåÏÖÓÅÔ½¡£¸ÃÒýÇæµÄ¸ßЧÐÔÊÇChromeä¯ÀÀÆ÷Á÷³©ÌåÑéµÄÖØÒªÒòËØÖ®Ò»¡£


2025Äê2ÔÂ20ÈÕ £¬¶«É­Æ½Ì¨¼¯ÍÅVSRC¼à²âµ½GoogleÐû²¼Á˹ØÓÚCVE-2025-0999©¶´µÄÄþ¾²Í¨¸æ¡£Í¨¸æÖ¸³ö £¬Google Chromeä¯ÀÀÆ÷ÖÐV8ÒýÇæ´æÔڶѻº³åÇøÒç³ö©¶´¡£¸Ã©¶´Ó°ÏìChrome 133.0.6943.126֮ǰµÄ°æ±¾ £¬¹¥»÷Õß¿Éͨ¹ý½á¹¹¶ñÒâµÄHTMLÒ³Ãæ £¬ÀûÓø鶴ʵÏÖÔ¶³Ì´úÂëÖ´ÐÐ £¬´Ó¶ø¿ÉÄܵ¼Ö¶ÑÄÚ´æÆÆ»µ¡£¸Ã©¶´µÄCVSSÆÀ·ÖΪ8.8·Ö £¬Â©¶´Æ·¼¶Îª¸ßΣ¡£


¶þ¡¢Ó°Ï췶Χ


Google Chrome < 133.0.6943.126


Èý¡¢Äþ¾²´ëÊ©


3.1 Éý¼¶°æ±¾


½¨ÒéÊÜÓ°Ïì°æ±¾µÄÓû§¾¡¿ìÉý¼¶µ½ÒÔÏ°汾 £¬ÒÔ½â¾ö¸ÃÎÊÌâ¡£
Google Chrome °æ±¾ 133.0.6943.126 (Windows¡¢Mac)
Google Chrome °æ±¾ 133.0.6943.127 (Windows¡¢Mac)
Google Chrome °æ±¾ 133.0.6943.126 (Linux)


ÏÂÔØÁ´½Ó£º

https://www.google.cn/intl/zh-CN/chrome/


3.2 ÁÙʱ´ëÊ©



ÔÝÎÞ¡£


3.4 ²Î¿¼Á´½Ó


https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html
https://issues.chromium.org/issues/394350433
https://nvd.nist.gov/vuln/detail/CVE-2025-0999