¡¾·ì϶¹«¸æ¡¿Google Chrome V8¶Ñ»º³åÇøÒç¶Âí½Å(CVE-2025-0999)

°ä²¼¹¦·ò 2025-02-20

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

Google Chrome V8¶Ñ»º³åÇøÒç¶Âí½Å

CVE   ID

CVE-2025-0999

·ì϶ÀàÐÍ

»º³åÇøÒç³ö

·¢ÏÖ¹¦·ò

2025-02-20

·ì϶ÆÀ·Ö

8.8

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

±ØÒª

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ


Google Chrome V8ÊÇÒ»¸ö¸ßЧµÄ¿ªÔ´JavaScriptÒýÇ棬ÓÃÓÚChromeä¯ÀÀÆ÷ºÍNode.jsµÈƽ̨¡£V8½«JavaScript´úÂë±àÒëΪ»úеÂ룬ÒÔÌá¸ßÖ´ÐÐЧÄÜ£¬ÓÅ»¯ä¯ÀÀÆ÷»úÄÜ¡£ËüÖ§³Ö¼´Ê±±àÒ루JIT£©ºÍÀ¬»ø»ØÊÕ»úÔ죬ͨ¹ýÄÚ´æÖÎÀíºÍÓÅ»¯Ëã·¨Ìṩ¸üºÃµÄÔËÐпìÂÊ¡£V8¿í·ºÓÃÓÚÍøÒ³ºÍÀûÓ÷¨Ê½ÖУ¬ÓÈÆäÔÚ´¦Öø´ÔӵĶ¯Ì¬ÄÚÈÝʱ²û·¢Óźñ¡£¸ÃÒýÇæµÄ¸ßЧÐÔÊÇChromeä¯ÀÀÆ÷Á÷³©ÂÄÀúµÄ³ÁÒª³É·ÖÖ®Ò»¡£


2025Äê2ÔÂ20ÈÕ£¬GA»Æ½ð¼×¼¯ÍÅVSRC¼à²âµ½Google°ä²¼Á˹ØÓÚCVE-2025-0999·ì϶µÄ°²È«²¼¸æ¡£²¼¸æÖ¸³ö£¬Google Chromeä¯ÀÀÆ÷ÖÐV8ÒýÇæ´æÔڶѻº³åÇøÒç¶Âí½Å¡£¸Ã·ì϶ӰÏìChrome 133.0.6943.126֮ǰµÄ°æ±¾£¬¹¥»÷Õß¿Éͨ¹ý»ú¹Ø¶ñÒâµÄHTMLÒ³Ã棬ÀûÓø÷ì϶ʵÏÖÔ¶³Ì´úÂëÖ´ÐУ¬´Ó¶ø¿ÉÄܵ¼Ö¶ÑÄÚ´æ·ÛËé¡£¸Ã·ì϶µÄCVSSÆÀ·ÖΪ8.8·Ö£¬·ì϶µÈ¼¶Îª¸ßΣ¡£


¶þ¡¢Ó°ÏìÁìÓò


Google Chrome < 133.0.6943.126


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


½¨ÒéÊÜÓ°Ïì°æ±¾µÄÓû§¾¡¿ìÉý¼¶µ½ÒÔÏ°汾£¬ÒÔ½â¾ö¸ÃÎÊÌâ¡£
Google Chrome °æ±¾ 133.0.6943.126 (Windows¡¢Mac)
Google Chrome °æ±¾ 133.0.6943.127 (Windows¡¢Mac)
Google Chrome °æ±¾ 133.0.6943.126 (Linux)


ÏÂÔØÁ´½Ó£º

https://www.google.cn/intl/zh-CN/chrome/


3.2 һʱ´ëÊ©



ÔÝÎÞ¡£


3.4 ²Î¿¼Á´½Ó


https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html
https://issues.chromium.org/issues/394350433
https://nvd.nist.gov/vuln/detail/CVE-2025-0999